
NMAP 3.55 is out!!

The coolest new feature is MAC address detection and vendor lookup. That can be very useful for systems/network administrators trying to track machines with dynamic IPs. It also augments OS detection in determining what a system is -- a system with a Cisco ethernet card is probably a router. Note the MAC address field in this example:

Other changes include more service fingerprints, a number of crash fixes, better OS detection names, portability fixes, and more. Here is the CHANGELOG since 3.50:

o Added MAC address printing. If Nmap receives packet from a target
machine which is on an Ethernet segment directly connected to the
scanning machine, Nmap will print out the target MAC address. Nmap
also now contains a database (derived from the official IEEE
version) which it uses to determine the vendor name of the target
ethernet interface. The Windows version of Nmap does not yet have
this capability. If any Windows developer types are interested in
adding it, you just need to implement IPisDirectlyConnected() in
tcpip.cc and then please send me the patch. Here are examples from
normal and XML output (angle brackets replaced with [] for HTML
changelog compatibility):
MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)
[address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications" addrtype="mac" /]

o Updated the XML DTD to support the newly printed MAC addresses.
Thanks to Thorsten Holz (thorsten.holz(a)mmweg.rwth-******.de) for
sending this patch.

o Added a bunch of new and fixed service fingerprints for version
detection. These are from Martin Mačok
(martin.macok(a)underground.cz).

o Modified the mswine32/nmap_performance.reg Windows registry file to
use an older and more compatible version. It also now includes the
value "StrictTimeWaitSeqCheck"=dword:00000001 , as suggested by Jim
Harrison (jmharr(a)microsoft.com). Without that latter value, the
TcpTimedWaitDelay value apparently isn't checked. Windows users
should apply the new registry changes by clicking on the .reg file.
Or do it manually as described in README-WIN32. This file is also
now available in the data directory at http://www.insecure.org/nmap/data/nmap_performance.reg

o Applied patch from Gisle Vanem (giva(a)bgnett.no) which allows the
Windows version of Nmap to work with WinPCAP 3.1BETA (and probably
future releases). The Winpcap folks apparently changed the encoding
of adaptor names in this release.

o If a user attempts -PO (the letter O), print an error suggesting
that they probably mean -P0 (Zero) to disable ping scanning.

o Applied a couple patches (with minor changes) from Oliver Eikemeier
(eikemeier(a)fillmore-labs.com) which fix an edge case relating to
decoy scanning IP ranges that must be sent through different
interfaces, and improves the Nmap response to certain error codes
returned by the FreeBSD firewall system. The patches are from http://cvsweb.freebsd.org/ports/security/nmap/files/ .

o Many people have reported this error: "checking for type of 6th
argument to recvfrom()... configure: error: Cannot find type for 6th
argument to recvfrom()". In most cases, the cause was a missing or
broken C++ compiler. That should now be detected earlier with a
clearer message.

o Fixed some minor bugs related to the new MAC address printing
feature.

o Fixed a problem with UDP-scanning port 0, which was reported by
Sebastian Wolfgarten (sebastian(a)wolfgarten.com).

o Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which
helps Nmap understand an EACCESS error, which can happen at least
during IPv6 scans from certain platforms to some firewalled targets.

o Renamed ACK ping scan option from -PT to -PA in the documentation.
Nmap has accepted both names for years and will continue to do
so.

o Removed the notice that Nmap is reading target specifications from a
file or stdin when you specify the -iL option. It was sometimes
printed to stdout even when you wanted to redirect XML or grepable
output there, because it was printed during options processing before
output files were handled. This change was suggested by Anders Thulin
(ath(a)algonet.se).

o Added --source_port as a longer, but hopefully easier to remember,
alias for -g. In other words, it tries to use the constant source
port number you specify for probes. This can help against poorly
configured firewalls that trust source port 20, 53, and the like.

o Removed undocumented (and useless) -N option.

o Fixed a version detection crash reported in excellent detail by
Jedi/Sector One (j(a)pureftpd.org).

o Modified the configure/build system to fix library ordering problems
that prevented Nmap from building on certain platforms. Thanks to
Greg A. Woods (woods(a)weird.com) and Saravanan
(saravanan_kovai(a)HotPop.com) for the suggestions.

o Applied a patch to Makefile.in from Scott Mansfield
(thephantom(a)mac.com) which enables the use of a DESTDIR variable
to install the whole Nmap directory structure under a different root
directory. The configure --prefix option would do the same thing in
this case, but DESTDIR is apparently a standard that package
maintainers like Scott are used to. An example usage is
"make DESTDIR=/tmp/packageroot".

o Removed unnecessary banner printing in the non-root connect() ping
scan. Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and
a patch.

o Updated the headers at the top of each source file (mostly to
advance the copyright year to 2004 and note that Nmap is a registered
trademark).

Host 10.10.10.255 seems to be a subnet broadcast address (returned 1 extra pings). Still scanning it due to ping response from its own IP.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on 10.10.10.255:
(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
80/tcp closed http
Too many fingerprints match this host to give specific OS details
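The MAC vendor lookup the changelog describes is an OUI lookup: the first three octets of the address are matched against a table derived from the IEEE registry. As an added example (not Nmap's own code and not part of the changelog), the Python below does that lookup over a constructed two-entry table using the two addresses quoted above, parses the MAC line out of both the normal and the XML output formats, flags locally administered addresses that carry no vendor assignment, and compares what Nmap printed against the local table. The table contents, sample outputs and function names are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed OUI -> vendor subset for this example. Nmap's real lookup uses a
# table derived from the IEEE registry; only the two entries shown in the
# 3.55 changelog are included here.
OUI_TABLE = {
    "080020": "SUN Microsystems",
    "00A0CC": "Lite-on Communications",
}

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")
# Normal-output line, e.g. "MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)"
NORMAL_RE = re.compile(
    r"^MAC Address: ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})(?: \((.*)\))?\s*$"
)


def normalize_mac(mac):
    """Return the address as 12 upper-case hex digits; reject anything else."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.replace(":", "").replace("-", "").upper()


def vendor_for(mac, table=OUI_TABLE):
    """Resolve the vendor from the 24-bit OUI (first three octets).

    A set 'locally administered' bit (0x02 in the first octet) means the
    address was assigned by software rather than burned in by a maker, so no
    OUI vendor applies; when tracking hosts by MAC that is worth flagging.
    """
    hexmac = normalize_mac(mac)
    if int(hexmac[:2], 16) & 0x02:
        return "locally administered (no OUI vendor)"
    return table.get(hexmac[:6], "Unknown")


def parse_normal_output(text):
    """Extract (mac, vendor_as_printed) pairs from Nmap normal output."""
    found = []
    for line in text.splitlines():
        m = NORMAL_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def parse_xml_output(xml_text):
    """Extract (mac, vendor attribute) pairs from <address addrtype="mac"> elements."""
    root = ET.fromstring(xml_text)
    return [
        (el.get("addr"), el.get("vendor"))
        for el in root.iter("address")
        if el.get("addrtype") == "mac"
    ]


def check_vendors(pairs, table=OUI_TABLE):
    """Re-resolve each MAC locally and record whether it agrees with what Nmap
    printed; a disagreement points at a stale or differing vendor table."""
    report = {}
    for mac, printed in pairs:
        local = vendor_for(mac, table)
        report[normalize_mac(mac)] = (printed, local, printed == local)
    return report


# Constructed sample output in the two formats shown in the changelog.
SAMPLE_NORMAL = """\
Interesting ports on 10.10.10.1:
MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)
MAC Address: 02:11:22:33:44:55 (Unknown)
"""
SAMPLE_XML = """<nmaprun><host>
<address addr="10.10.10.2" addrtype="ipv4" />
<address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications" addrtype="mac" />
</host></nmaprun>"""

if __name__ == "__main__":
    pairs = parse_normal_output(SAMPLE_NORMAL) + parse_xml_output(SAMPLE_XML)
    for mac, (printed, local, agree) in check_vendors(pairs).items():
        status = "ok" if agree else "MISMATCH"
        print(f"{mac}  nmap={printed!r}  local={local!r}  {status}")
```

Two points the script makes visible: the OUI identifies whoever registered the address block, which for an onboard NIC is often the board or system maker rather than the chipset vendor, so "Unknown" or an unexpected name is not by itself a sign of spoofing; and a locally administered address gives no vendor at all, which is the case an inventory script should surface separately rather than lump in with "Unknown".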

Originally posted here by lepricaun. Thanks! I'll go and download it right away.

Have fun, because if you have any issues you better be located at HOPE or you're SoL. There will not be any support since everyone will be at The Fifth Hope. Good thing I made the last minute decision to go.

Now there are (smart) people who would advise against releasing a new
stable version of Nmap just hours before my flight. I might come back
next week to thousands of mails saying "you forgot to set read
permission on the tarball, you dolt!" or "it doesn't even compile on [some
important OS]!"

The MAC Address Vendor Identification is definitely a cool feature. I am running an Asus motherboard and the NIC is onboard, so it's correct. However, it's a VIA Rhine II NIC, so I'm kind of surprised that it wasn't identified as being VIA.

Peace,
HT

[Edit]

My Scan also turned up a few ports which couldn't be service fingerprinted. The software opening the ports was Skype Beta 0.98.0.6 (VoIP IM) on Windows XP. If anyone is interested, the fingerprints are: